Corporate Authentication Systems (hell!)

I’ve been struggling recently with the ‘enterprise security system’ in place at the OU. This is some obscure system invented in-house (by sadists) to authenticate people against our systems.

It works OK most of the time but it’s not standards-based. It doesn’t talk LDAP. It doesn’t talk to other authentication systems in any meaningful way. You need to set it up on every service you run. You need to set up ‘tokens’ in every directory of web servers where it’s installed to tell them who to allow in. etc etc.

We have a myriad of great systems in the university but they are being hamstrung by the fact that we can do any kind of meaningful pass through authentication. Luckily a colleague of mine has invented a mechanism for getting the system to work in harmony with OpenID and we’re close to achieving some way to allow us to work with other systems more meaningfully in the future. I’m very frustrated about it now though because although the current system works reasonably well for people in the OU there is no reasonable way of allowing ‘authenticated visitor’ or ‘logged in public’ access in any meaningful way, we can of course merge authentication systems for a particular services (as I do) but this gives problems later when the same visitors want to access other OU services.
I’m not sure how much of a problem this is elsewhere but I would guess that the lack of a decent authentication and user verification service has put the OU back several years in development time because every new project with a mixed user community(OpenLearn being the most recent example) will have to find some sort of individual workaround. Central services don’t see a problem because most of the services they provide are staff only (or student only) and therefore it’s simple for them and anyone else doing development across user spheres just has to find their own solution.

Subscribe

Weblog of Will Woods syndicates its weblog posts and Comments using a technology called RSS (Real Simple Syndication). You can use a service like Bloglines to get notified when there are new posts to this weblog.